Posts Tagged ‘windows’

Get ready to install a fairly large batch of security patches onto your Windows computers.

As part of its September Patch Tuesday, Microsoft has released a large batch of security updates to patch a total of 81 CVE-listed vulnerabilities, on all supported versions of Windows and other MS products.

The latest security update addresses 27 critical and 54 important vulnerabilities in severity, of which 38 vulnerabilities are impacting Windows, 39 could lead to Remote Code Execution (RCE).

Microsoft says the flaw could allow an attacker to take control of an affected system, install programs, view, change, or delete data by tricking victims into opening a specially crafted document or application sent over an email.

The flaw could even allow an attacker to create new accounts with full user rights. Therefore users with fewer user rights on the system are less impacted than users who operate with admin rights.

According to FireEye, this zero-day flaw has actively been exploited by a well-funded cyber espionage group to deliver FinFisher Spyware (FinSpy) to a Russian-speaking “entity” via malicious Microsoft Office RTF files in July this year.

FinSpy is a highly secret surveillance software that has previously been associated with British company Gamma Group, a company that legally sells surveillance and espionage software to government agencies.

Once infected, FinSpy can perform a large number of secret tasks on victims computer, including secretly monitoring computers by turning ON webcams, recording everything the user types with a keylogger, intercepting Skype calls, copying files, and much more.

“The [new variant of FINSPY]…leverages heavily obfuscated code that employs a built-in virtual machine – among other anti-analysis techniques – to make reversing more difficult,” researchers at FireEye said.

“As likely another unique anti-analysis technique, it parses its own full path and searches for the string representation of its own MD5 hash. Many resources, such as analysis tools and sandboxes, rename files/samples to their MD5 hash in order to ensure unique filenames.”

Three Publicly Disclosed Vulnerabilities

The remaining three publicly known vulnerabilities affecting the Windows 10 platform include:

Broadcom BCM43xx Remote Code Execution Vulnerability (CVE-2017-9417): this flaw exists in the Broadcom chipset in HoloLens, which could be exploited by attackers to send a specially crafted WiFi packet, enabling them to install programs, view, change, or delete data, even create new accounts with full admin rights.

BlueBorne Attack: Another Reason to Install Patches Immediately

Also, the recently disclosed Bluetooth vulnerabilities known as “BlueBorne” (that affected more than 5 Million Bluetooth-enabled devices, including Windows, was silently patched by Microsoft in July, but details of this flaw have only been released now.

BlueBorne is a series of flaws in the implementation of Bluetooth that could allow attackers to take over Bluetooth-enabled devices, spread malware completely, or even establish a “man-in-the-middle” connection to gain access to devices’ critical data and networks without requiring any victim interaction.

So, users have another important reason to apply September security patches as soon as possible in order to keep hackers and cyber criminals away from taking control over their computers.

Other flaws patched this month include five information disclosure and one denial of service flaws in Windows Hyper-V, two cross-site scripting (XSS) flaws in SharePoint, as well as four memory corruption and two remote code execution vulnerabilities in MS Office.

For installing security updates, simply head on to Settings → Update & security → Windows Update → Check for updates, or you can install the updates manually.

Some people are asking why. After all, with MySQL, MariaDB, postgreSQL, and Oracle Database 12c Linux, there’s no shortage of RDBMS servers on Linux.Part of the reason is simple enough. Scott Guthrie, head of Microsoft’s Cloud & Enterprise business, said “This will enable SQL Server to deliver a consistent data platform across Windows Server and Linux, as well as on-premises and cloud.The more complex answer is that Microsoft’s fortune is no longer based on Windows. True, SQL Server will be available on Red Hat Enterprise Linux (RHEL) and Canonical’s Ubuntu Linux as a standalone server applications, that’s not where it’s meant to run. As Ed Bott recently uncovered, Microsoft’s new cash cows are Azure and server applications. In particular, “Microsoft Azure is growing rapidly and is reported in the same group as traditional server products (SQL Server is up, Windows Server is down). Collectively, that pair is at the top of the list.”And what operating systems run on Azure? Mark Russinovich, CTO of Microsoft Azure, Microsoft’s cloud program, said last fall that open source and Linux make great financial and technical sense for Microsoft. “It’s obvious, if we don’t support Linux, we’ll be Windows only and that’s not practical.” Then, one in four Azure operating systems instances were Linux. And that number has only been increasing.ADVERTISINGFor Microsoft to continue to grow as a cloud and services company it must become a Linux company.And, in particular, Microsoft wants to be a Linux cloud power. Today, Azure is certainly the primary way Microsoft monetizes Linux, so it’s only logical that SQL Server would be added to Linux.Al Gillen, IDC’s group vice president, sees this. “By taking this key product to Linux, Microsoft is proving its commitment to being a cross platform solution provider. This gives customers choice and reduces the concerns for lock-in. We would expect this will also accelerate the overall adoption of SQL Server.”

Developers running the open source Git code-repository software and tools, like GitHub, on Mac OS X and Windows computers are highly being recommended to install a security update that patches a major security vulnerability in Git clients that leverages an attacker to hijack end-user computers.

The critical Git vulnerability affects all versions of the official Git client and all the related software that interacts with Git repositories, including GitHub for Windows and Mac OS X, according to a GitHub advisory published Thursday.

HOW GIT BUG WORKS

The vulnerability allows an attacker to execute remote code on a client’s computer when the client software accesses Git repositories. The GitHub engineering team gave a detailed explanation on how attackers might exploit the vulnerability:

“An attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution in the client machine,” Thursday’s advisory warned. “Git clients running on OS X (HFS+) or any version of Microsoft Windows (NTFS, FAT) are exploitable through this vulnerability. Linux clients are not affected if they run in a case-sensitive file system.”

In yet another bid to make up lost ground in the long march to the future of computing, Microsoft is now open sourcing the very foundation of .NET—the software that millions of developers use to build and operate websites and other large online applications—and it says this free code will eventually run not only on computer servers that use its own Windows operating system, but also atop machines equipped with Linux or Apple’s Mac OS, Microsoft’s two main operating system rivals.

“We want to have a developer offering that is relevant and attractive and valuable to any developer working on any kind of application,” says S. “Soma” Somasegar, the 25-year Microsoft veteran oversees the company’s wide range of tools for software developers.

With the move, Microsoft is embracing the reality that modern software and online services run atop a variety of operating systems—and that Windows no longer dominates the market the way it once did. At least tacitly, the software giant is acknowledging that so many businesses and developers now choose to run their software atop computer servers loaded with the open source Linux operating system, which, in recent years, has evolved in ways that Windows has not. Most notably, it offers what’s called containers, a new means of streamlining the way applications are built and operated.

“Today, people who are stuck on the .NET platform have to use a server environment that doesn’t have what Linux does,” says James Watters, who, at a company called Pivotal, works hand-and-hand with a wide range of developers and companies as they build large online software applications. “They’re stuck with a generation-behind technology.”

For Watters, Microsoft has ample ground to make up. But in opening sourcing what’s called the .NET Core runtime—freely sharing it with the world at large—the company at least gives itself a fighting chance as it seeks to maintain a hold on the way the world builds and runs software.

In theory, an open source .NET that runs on Linux and Mac OS will expand the use of Microsoft’s developer tools. Then the company can pull in revenue through other channels—through premium versions of its developer tools and through its cloud computing service, Microsoft Azure, a means of building and running software without setting up your own servers.

The move is just the latest in a long line of rather large changes Microsoft has made since Nadella took over as CEO in January—all with an eye towards the rise of rival operating systems and open source software. The company now offers free versions of its Office applications for Apple iPhones and iPads. It provides a free version of Windows for phones and other small devices, hoping to catch up with Google’s open source Android operating system. And it says that the next version of Windows for computer servers will run Docker, a hugely important container technology that was originally built on Linux.

All this seemed unlikely under previous CEO Steve Ballmer—and all can help Microsoft find new relevance in the ever-changing world of online computing.

Chasing Java

Among developers and businesses building websites and other large online services, .NET is one of the primary competitors to Java. It’s widely used among companies that rely heavily on Microsoft software —the company says .NET was installed more than 1.8 billion times over the last year—but according to most estimates, Java is still the more popular tool. And many consider it the more powerful.

According to Watters, about 60 percent of Pivotal’s customers built their apps atop Java, about 40 percent on .NET. “Java is the go-to, and .NET is the legacy,” he says.

Linux, and Ubuntu in particular, missed a golden opportunity to truly break into the mainstream market during the early days of Vista. The buggy operating system (prior to SP1) left consumers angry and willing to consider alternatives, but at the time, even Ubuntu was still a little rough around the edges to draw widespread interest among lifelong Windows users. With Canonical’s release of Ubuntu 14.04 (Trusty Tahr) coming hot off the heels of Microsoft discontinuing support for Windows XP, could a mass migration take place?

Hey, anything is possible. And unlike the early Vista era, Canonical is actively chasing Windows users with its latest release.

“The 14.04 LTS release offers a solid, intuitive experience which is easy to manage,” Jane Silber, CEO at Canonical comments. “It is a viable and affordable alternative for those organizations considering a switch from Microsoft, and specifically those replacing XP or Windows 7 as they come to the end of life.”

Based on those comments, Canonical is also going after Windows users who don’t like the direction Microsoft took the platform with Windows 8. It’s a bold and aggressive strategy, and you have to give Canonical credit for going about it in a tactful manner — the company isn’t bashing Microsoft or Windows, it’s just pointing out that Ubuntu 14.04 is a cost-effective alternative.

Before we get to the list itself, here’s a some quick background for Windows XP users who aren’t familiar with Linux or open source software. Linux is an operating system that anyone can use free of charge. In addition, anyone can see the source code for Linux and modify it however they like. Because anyone can tweak it, it comes in thousands of different versions, which are known as “distributions.” Different Linux distributions use different interfaces or “desktops,” which determine how the operating system looks on the screen. Unlike Windows, Linux distributions generally come with lots of free applications already built in, so users don’t have to pay extra for office productivity software, security software, games or other applications.

Beginner-Friendly Linux Distributions

1. Linux Mint

Many people consider Linux Mint to be among the most intuitive operating systems for Windows XP users. It supports several different desktop interfaces, including Cinnamon, which users can configure to look and feel a lot like XP.

2. Ubuntu

Very easy to use, Ubuntu is likely the most widely used Linux distribution in the world. The desktop version offers speed, security, thousands of built-in applications and compatibility with most peripherals.

Built specifically to attract former Windows users, Ubuntu-based Zorin is probably the Linux distribution that’s the most similar to Windows. It includes a unique “Look Changer” that switches the desktop to look like Windows 7, XP, Vista, Ubuntu Unity, Mac OS X or GNOME 2, and it includes WINE and PlayOnLinux to allow users to keep using their Windows software.

Also similar to Windows, Robolinux promises to allow users to run all their Windows XP and 7 software without making themselves vulnerable to malware. It also includes more than 30,000 open source applications.

Formerly known as YLMF, the interface for StartOS looks an awful lot like Windows XP. It’s managed by a group of Chinese developers, so the website is in Chinese. However, English versions of the OS are available.

According to the Pinguy website, “PinguyOS is very much designed for people who are new to the Linux world; many people coming from both a Windows or a Mac background will find plenty of familiar features along with some new ones that aren’t available in either Windows or Mac.” It’s based on Ubuntu and uses the Gnome-Shell desktop.

Popular with new Linux users, MEPIS aims at providing a Linux distribution that’s very stable and very easy to use. It comes with hundreds of applications preinstalled and you can easily dual-boot it alongside Windows so that you can continue using XP software.

Previously known as Cinnarch, Antergos is based on Arch Linux, which is popular with hard-core open source users, but Antergos much easier for beginners to use than Arch. It comes with a graphical installer that allows the user to choose from among several interfaces, including some that look quite a bit like XP.

Like Antergos, Manjaro aims to be a more user-friendly version of Arch. It comes with desktop environments, software management applications and media codecs pre-installed so users can get right to work after installing it.

For those looking to replace Windows XP on a PC primarily used by kids, Edubuntu is an excellent choice. It’s based on Ubuntu (and supported by Canonical, the company behind Ubuntu), so it’s very user-friendly. Plus, it adds plenty of software tailored for use by schools or home users with children.

Forked from Mandrake (which was later renamed Mandriva), Mageia is a community-driven Linux distribution with a good reputation for being beginner-friendly. Because it’s updated very frequently, it tends to include more recent versions of software packages, and it has excellent support for several different languages.

Like Mageia, OpenMandriva is a community-managed Linux distribution based on Mandrake/Mandriva. It attempts to be simple and straightforward enough for new users but also to offer the breadth and depth of capabilities demanded by advanced users.

Kubuntu’s goal is to “make your PC friendly,” and it’s fairly easy for new Linux users to figure out. It combines Ubuntu and the KDE desktop and includes plenty of built-in software, like a web browser, an office suite, media apps and more.

Netrunner is based on Kubuntu, plus some interface modifications to make it even more user friendly and some extra codecs to make it easier to play media files. The project also offers a second version of the same OS based on Manjaro.

Kwheezy is based on Debian, which is popular with advanced Linux users, but it’s designed to be more accessible for Linux newcomers. It comes “with all the applications, plugins, fonts and drivers that you need for daily use, and some more,” and it uses the intuitive KDE desktop.